Principal Security Researcher at Spellbook (LegalTech)
“Principal Security Researcher at Spellbook. Skills: Security Research, Offensive Security, AI Security, LLM Security, Product Security, Red Teaming, Threat Modeling. Identify security risks across the company and partner with the relevant teams to reduce them. Lead active red teaming, application security testing, penetration testing, exploit validation, and adversarial analysis”
What You'll Achieve.
- Protect, at the source, the trust legal teams place in Spellbook
- Reduce risk across Spellbook's products, infrastructure, AI workflows, and internal operations
- Raise the maturity of how Spellbook approaches red teaming, threat modelling, bug bounty triage, and incident response
- Drive measurable risk reduction
Industry & Context.
- Identify security risks and validate their real-world impact
- Reduce risk by distinguishing theoretical risk from practical risk
- Focus on what matters most
What They're Looking For.
Must Have
- Experience in application security, red teaming, penetration testing, vulnerability research, product security, or offensive security
- Hands-on experience testing modern web applications, APIs, authentication flows, authorization models, cloud services, and distributed systems
- Experience developing proof-of-concept exploits or clear technical demonstrations to validate security impact
- Firm grasp of common software security risks, secure design principles, identity and access controls, data protection, and secure development practices
- Experience partnering with engineering, product, or R&D teams to triage, prioritize, and remediate vulnerabilities end-to-end
- Excellent written and verbal communication skills, with the ability to write clear technical reports, executive summaries, remediation guidance, and public-facing research, and to explain trade-offs to engineers, PMs, and leadership
- Judgment around responsible disclosure, customer impact, confidentiality, and coordinated communication
- Pragmatic at distinguishing theoretical risk from practical risk, with the instinct to help teams focus on what matters most
- Comfortable operating with ambiguity and moving with urgency across hands-on testing, product security, incident support, and external coordination
- Track record of driving measurable risk reduction in a fast-moving technical environment
Nice to Have
- Experience with AI security, LLM security, prompt injection, jailbreaks, agentic workflows, model abuse, or secure AI product development
- Experience in legaltech, fintech, healthtech, or another environment that handles highly sensitive customer data
- Experience managing or participating in bug bounty programs, responsible disclosure programs, or external researcher communities
- Experience publishing security research, speaking at conferences, or contributing to the broader security research community
- Familiarity with enterprise security expectations and compliance frameworks such as SOC 2, HIPAA, GDPR, or emerging AI governance frameworks
What You'll Do.
- Identify security risks across the company and partner with the relevant teams to reduce them
- Lead active red teaming, application security testing, penetration testing, exploit validation, and adversarial analysis
- Conduct original security research on legal AI, LLM-enabled products, sensitive document workflows, prompt injection, data leakage, model misuse, and tool abuse
- Coordinate third-party penetration tests and other external security assessments
- Own external vulnerability reports: bug bounty submissions, responsible disclosure reports, researcher communications, and remediation tracking
- Drive threat modelling and secure design reviews for new products and infrastructure changes
- Partner with R&D and Engineering to surface trust boundaries, abuse cases, and data exposure risks early in development
- Support Security Operations during incident response by reproducing vulnerabilities and recommending remediation
- Engage with frontier AI labs, external researchers, vendors, and the broader security community to stay current on AI safety and security developments
- Publish security research or give conference talks where aligned with company priorities
- Define and improve repeatable processes for security research, testing, vulnerability management, and remediation across Spellbook
- Support other responsibilities and projects as required
How You'll Work.
Team & Collaboration
- Partner with the Director of Security & IT and work across the company
- Secure product development partnerships with R&D and Engineering
- Partner with R&D and Engineering to surface trust boundaries, abuse cases, and data exposure risks early in development
- Support Security Operations during incident response
- Engage with frontier AI labs, external researchers, vendors, and the broader security community
Communication Scope
- Excellent written and verbal communication skills
- Ability to write clear technical reports, executive summaries, remediation guidance, and public-facing research
- Explain trade-offs to engineers, PMs, and leadership
- Coordinated communication
Process & Methodology
- Program-level work that raises the maturity of how Spellbook approaches red teaming, threat modelling, bug bounty triage, and incident response
- Define and improve repeatable processes for security research, testing, vulnerability management, and remediation across Spellbook
Full Job Description
Spellbook is the most comprehensive AI copilot for transactional lawyers. It works directly inside Microsoft Word to help legal teams draft, review, and negotiate contracts up to 10x faster and with greater precision. Today, more than 4,000 law firms, in-house teams, and solo practitioners rely on Spellbook to simplify their workflows and eliminate the drudgery of everyday contract work. We are backed by leading investors including Khosla Ventures, Thomson Reuters Ventures, Inovia Capital, The LegalTech Fund, Bling Capital, and Moxxie Ventures. The company recently raised $50 million in Series B funding, led by Keith Rabois at Khosla Ventures, bringing its total funding to more than $80 million.

* This is an existing vacancy.

ABOUT THE ROLE

Legal teams worldwide trust Spellbook with their most sensitive data, and we're looking for a Principal Security Researcher to help us protect that trust at the source. You'll partner with the Director of Security & IT and work across the company to identify security risks, validate real-world impact, and reduce risk across Spellbook's products, infrastructure, AI workflows, and internal operations.

This is a senior individual contributor role with broad influence. You'll move between original security research on legal AI and LLM-enabled workflows, hands-on offensive testing, secure product development partnerships with R&D and Engineering, and program-level work that raises the maturity of how Spellbook approaches red teaming, threat modelling, bug bounty triage, and incident response.

RESPONSIBILITIES

- Identify security risks across the company and partner with the relevant teams to reduce them.
- Lead active red teaming, application security testing, penetration testing, exploit validation, and adversarial analysis.
- Conduct original security research on legal AI, LLM-enabled products, sensitive document workflows, prompt injection, data leakage, model misuse, and tool abuse.
- Coordinate third-party penetration tests, red te